﻿/* eslint valid-jsdoc: "off" */

'use strict';

/**
 * @param {Egg.EggAppInfo} appInfo app info
 */
module.exports = appInfo => {
  /**
   * built-in config
   * @type {Egg.EggAppConfig}
   **/
  const config = exports = {};

  // use for cookie sign key, should change to your own and keep security
  config.keys = appInfo.name + '_1583652940357_5546';
  // config.jwt = {
  //   secret: 'egg-api-jwt',
  // };
  // add your middleware config here
  config.middleware = [];
  // config.middleware = [ 'jwt' ];
  // config.redis = {
  //   client: {
  //     port: 6379, // Redis port
  //     host: '127.0.0.1', // Redis host
  //     password: 'auth',
  //     db: 0,
  //   },
  // },
  config.mysql = {
    // database configuration
    // client: {
    //   // host
    //   host: 'localhost',
    //   // port
    //   port: '3306',
    //   // username
    //   user: 'root',
    //   // password
    //   password: '123456',
    //   // database
    //   database: 'react-blog',
    // },
    client: {
      // host
      host: '192.168.19.30',
      // port
      port: '30014',
      // username
      user: 'root',
      // password
      password: '123456',
      // database
      database: 'react-blog',
    },
    // load into app, default is open
    app: true,
    // load into agent, default is close
    agent: false,
  };
  config.bodyParser = {
    enable: true,
  };
  // <meta http-equiv="Content-Security-Policy" content="script-src 'self'; object-src 'none'; style-src cdn.example.org third-party.org; child-src https:">
  config.security = {
    csrf: {
      enable: false,
      headerName: 'x-csrf-token', // 通过 header 传递 CSRF token 的默认字段为 x-csrf-token
      queryName: '_csrf', // 通过 query 传递 CSRF token 的默认字段为 _csrf
      bodyName: '_csrf', // 通过 body 传递 CSRF token 的默认字段为 _csrf
    },
    // 只允许本站资源
    csp: {
      enable: true,
      policy: {
        'default-src': 'self',
        'img-src': '*',
      },
    },
    // X-Frame-Options HTTP 响应头是用来给浏览器 指示允许一个页面 可否在 <frame>, <iframe>, <embed> 或者 <object> 中展现的标记。
    xframe: {
      enable: true,
      // 'SAMEORIGIN', 'DENY' or 'ALLOW-FROM http://example.jp'
      value: 'ALLOW-FROM http://127.0.0.1:3000',
    },
    'x-frame-options': false,
    // egg中由两种服务端跳转的方法，ctx.redirect(url)会经过配置白名单的校验后再进行跳转，如果domainWhiteList 为空则与ctx.unsafeRedirect(url)跳转一样不进行校验
  };

  config.cors = {
    origin: '*', // 需要关闭 withCredentials 配置
    domainWhiteList: [ 'http://127.0.0.1:3000', 'http://127.0.0.1:3001' ],
    // origin: [ 'http://127.0.0.1:3001', 'http://127.0.0.1:3000' ],
    credentials: true, // 允许Cook可以跨域
    // withCredentials: false,
    // eslint-disable-next-line no-extra-parens
    // origin: (() => {
    //   // return ('http://127.0.0.1:3000' || 'http://127.0.0.1:3001');
    //   return 'http://127.0.0.1:3000';
    // }),
    // origin: 'http://127.0.0.1:3001',
    // maxAge: 1000,
    // allowHeaders: [ '*' ],
    allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH,OPTIONS',
    // exposeHeaders: 'set-cookie Set-Cookie Set-cookies',
    // keepHeadersOnError: true,
  };
  // add your user config here
  const userConfig = {
    // myAppName: 'egg',
  };

  return {
    ...config,
    ...userConfig,
  };
};
